emacs-orgmode@gnu.org archives
 help / color / mirror / code / Atom feed
* [PATCH] ob-core: add org-confirm-babel-evaluate-cell custom variable
@ 2022-12-10 20:28 Tom Gillespie
  2022-12-11  2:58 ` Max Nikulin
  0 siblings, 1 reply; 49+ messages in thread
From: Tom Gillespie @ 2022-12-10 20:28 UTC (permalink / raw)
  To: emacs-orgmode

[-- Attachment #1: Type: text/plain, Size: 198 bytes --]

Hi,
    Here is a patch that improves the ergonomics and thus hopefully
the security for the recent changes to check evaluation for cells. Full
details in the commit message on the patch. Best!
Tom

[-- Attachment #2: 0001-ob-core-add-org-confirm-babel-evaluate-cell-custom-v.patch --]
[-- Type: text/x-patch, Size: 3199 bytes --]

From da3a88e2919ec5bac6328d55eb99b3352f25b9b4 Mon Sep 17 00:00:00 2001
From: Tom Gillespie <tgbugs@gmail.com>
Date: Sat, 10 Dec 2022 12:11:17 -0800
Subject: [PATCH] ob-core: add org-confirm-babel-evaluate-cell custom variable

* lisp/ob-core.el (org-confirm-babel-evaluate-cell): Added to control
execution of cells separate from execution of src blocks, it works in
exactly the same way as org-confirm-babel-evaluate.
* lisp/ob-core.el (org-babel-read): org-confirm-babel-evaluate-cell is
now used to check cells independent of org-confirm-babel-evaluate.

Following the change in 10e857d42859a55b23cd4206ffce3ebd0f678583 it
became extremely annoying to tangle files that make extensive use of
elisp expression in src block #+header: statements.

This commit resolves the issue by making it possible to ignore checks
on cells (the old behavior) without compromising general security for
running src blocks.

This is necessary because there is no easy way to hop swap
org-confirm-babel-evaluate between org-get-src-block-info where
org-babel-read is called and the execution of that src block. It could
probably be done using advice around org-babel-read, but that is a
level of hackery that should be avoided.
---
 lisp/ob-core.el | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/lisp/ob-core.el b/lisp/ob-core.el
index 62b0d3612..14669d940 100644
--- a/lisp/ob-core.el
+++ b/lisp/ob-core.el
@@ -128,6 +128,14 @@ remove code block execution from the `\\[org-ctrl-c-ctrl-c]' keybinding."
 ;; don't allow this variable to be changed through file settings
 (put 'org-confirm-babel-evaluate 'safe-local-variable (lambda (x) (eq x t)))
 
+(defcustom org-confirm-babel-evaluate-cell t
+  "Confirm before evaluating a cell."
+  :group 'org-babel
+  :version "29.1"
+  :type '(choice boolean function))
+;; don't allow this variable to be changed through file settings
+(put 'org-confirm-babel-evaluate-cell 'safe-local-variable (lambda (x) (eq x t)))
+
 (defcustom org-babel-no-eval-on-ctrl-c-ctrl-c nil
   "\\<org-mode-map>\
 Remove code block evaluation from the `\\[org-ctrl-c-ctrl-c]' key binding."
@@ -3180,11 +3188,14 @@ situations in which is it not appropriate."
 		  (string= cell "*this*")))
          ;; Prevent arbitrary function calls.
          (if (and (memq (string-to-char cell) '(?\( ?`))
+                  (if (functionp org-confirm-babel-evaluate-cell)
+                      (funcall org-confirm-babel-evaluate-cell cell)
+                    org-confirm-babel-evaluate-cell)
                   (not (org-babel-confirm-evaluate
-                      ;; See `org-babel-get-src-block-info'.
-                      (list "emacs-lisp" (format "%S" cell)
-                            '((:eval . yes)) nil (format "%S" cell)
-                            nil nil))))
+                        ;; See `org-babel-get-src-block-info'.
+                        (list "emacs-lisp" (format "%S" cell)
+                              '((:eval . yes)) nil (format "%S" cell)
+                              nil nil))))
              ;; Not allowed.
              (user-error "Evaluation of elisp code %S aborted." cell)
 	   (eval (read cell) t)))
-- 
2.37.4


^ permalink raw reply related	[flat|nested] 49+ messages in thread

end of thread, other threads:[~2023-01-07 13:12 UTC | newest]

Thread overview: 49+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-12-10 20:28 [PATCH] ob-core: add org-confirm-babel-evaluate-cell custom variable Tom Gillespie
2022-12-11  2:58 ` Max Nikulin
2022-12-11 20:27   ` Tom Gillespie
2022-12-11 20:37     ` Tom Gillespie
2022-12-11 20:46     ` Kyle Meyer
2022-12-11 21:08       ` Tom Gillespie
2022-12-12 10:20         ` Ihor Radchenko
2022-12-13  1:53           ` Tom Gillespie
2022-12-13  9:03             ` Ihor Radchenko
2022-12-13 16:31             ` Max Nikulin
2022-12-13 21:16               ` Tom Gillespie
2022-12-14 16:40                 ` Max Nikulin
2022-12-14 18:24                   ` Tom Gillespie
2022-12-15  9:18                     ` Ihor Radchenko
2022-12-15  9:25                       ` Tom Gillespie
2022-12-15  9:57                       ` tomas
2022-12-15  9:10                   ` Ihor Radchenko
2022-12-15 12:10                     ` Max Nikulin
2022-12-15 12:25                       ` Ihor Radchenko
2022-12-15 14:46                         ` Max Nikulin
2022-12-15 21:08                           ` Tim Cross
2022-12-16  6:07                             ` Ihor Radchenko
2022-12-16  7:22                               ` Tim Cross
2022-12-18 14:19                                 ` Ihor Radchenko
2022-12-18 21:37                                   ` Tim Cross
2022-12-20  0:00                                     ` Tom Gillespie
2022-12-20  0:06                                       ` Tom Gillespie
2022-12-25 11:00                                         ` Ihor Radchenko
2022-12-18 14:12                           ` Ihor Radchenko
2022-12-25 11:06             ` Ihor Radchenko
2022-12-29 15:58               ` Bastien Guerry
2022-12-29 16:33                 ` Max Nikulin
2022-12-29 16:35                 ` Ihor Radchenko
2022-12-30  8:52                   ` Bastien
2022-12-30 11:10                     ` Max Nikulin
2022-12-30 17:43                     ` Tom Gillespie
2022-12-31 13:48                       ` Ihor Radchenko
2022-12-31 16:15                         ` Tom Gillespie
2023-01-02  8:34                         ` [SECURITY] Arbitrary code evaluation security in Org (was: [PATCH] ob-core: add org-confirm-babel-evaluate-cell custom variable) Ihor Radchenko
2023-01-02 10:59                           ` [SECURITY] Arbitrary code evaluation security in Org Greg Minshall
2023-01-03  9:52                             ` [SECURITY] Tangling can overwrite arbitrary tangling targets, including important user files (was: [SECURITY] Arbitrary code evaluation security in Org) Ihor Radchenko
2023-01-02 19:00                           ` [SECURITY] Arbitrary code evaluation security in Org (was: [PATCH] ob-core: add org-confirm-babel-evaluate-cell custom variable) Tim Cross
2023-01-03 11:00                             ` Ihor Radchenko
2023-01-07 13:12                               ` Ihor Radchenko
2023-01-02 15:13                         ` [PATCH] ob-core: add org-confirm-babel-evaluate-cell custom variable Bastien Guerry
2023-01-02 15:17                           ` Ihor Radchenko
2023-01-02 15:15                       ` Bastien
2022-12-13  4:16           ` Kyle Meyer
2022-12-13 16:15     ` Max Nikulin

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).